{
  config,
  ...
}@attrs:
{
  config = {
    users.users = {
      ${attrs.username} = {
        isNormalUser = true;
        createHome = true;
        hashedPasswordFile = config.sops.secrets."users_password/beastie".path;
        description = "Admin account";
        extraGroups = [
          "wheel"
          "networkmanager"
          "audio"
          "video"
        ];
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
        ];
      };
      root = {
        password = null;
      };
    };
    # https://dev.to/patimapoochai/how-to-edit-the-sudoers-file-in-nixos-with-examples-4k34
    security.sudo = {
      enable = true;
      extraRules = [
        {
          users = [ "${attrs.username}" ];
          host = "ALL";
          runAs = "ALL:ALL";
          commands = [
            {
              command = "ALL";
              options = [ "NOPASSWD" ];
            }
          ];
        }
      ];
      #extraConfig = "#includedir /etc/sudoers.d";
    };
  };
}